asp防注入代码! 要求斑竹加精,不然不干 了.
<%On Error Resume Next
Dim strTemp,hk
If Trim(Request.QueryString) <> "" Then strTemp =Trim(Request.QueryString)
strTemp = LCase(strTemp)
hk=0
If Instr(strTemp,"%")<>0 then hk=1
If Instr(strTemp,"count(")<>0 then hk=1
If Instr(strTemp,"asc(")<>0 then hk=1
If Instr(strTemp,"mid(")<>0 then hk=1
If Instr(strTemp,"char(")<>0 then hk=1
If Instr(strTemp,"xp_cmdshell")<>0 then hk=1
If Instr(strTemp,"'")<>0 then hk=1
If Instr(strTemp,"select")<>0 then hk=1
If Instr(strTemp,"insert")<>0 then hk=1
If Instr(strTemp,"delete")<>0 then hk=1
If Instr(strTemp,"update")<>0 then hk=1
If Instr(strTemp,"and")<>0 then hk=1
If Instr(strTemp,"or")<>0 then hk=1
If Instr(strTemp,";")<>0 then hk=1
if hk=1 then
Response.Write "<script language='javascript'>"
Response.Write "alert('提交字符中包含非法字符,您的上网资料已被我们记录!');"
Response.Write "location.href='javascript:history.back()';"
Response.Write "</script>"
response.end
hk=0
End If
%> 我支持你哈~~~~~~~ 晕,我早有用到 原来是这样啊
我说注入一个网站 怎么老弹那句话呢 这一点点是放不住的,ASP太没出息了……
asp防注入代码! 要求斑竹加精,不然不干 了.
<%On Error Resume Next
Dim strTemp,hk
If Trim(Request.QueryString) <> "" Then strTemp =Trim(Request.QueryString)
strTemp = LCase(strTemp)
hk=0
If Instr(strTemp,"%")<>0 then hk=1
If Instr(strTemp,"count(")<>0 then hk=1
If Instr(strTemp,"asc(")<>0 then hk=1
If Instr(strTemp,"mid(")<>0 then hk=1
If Instr(strTemp,"char(")<>0 then hk=1
If Instr(strTemp,"xp_cmdshell")<>0 then hk=1
If Instr(strTemp,"'")<>0 then hk=1
If Instr(strTemp,"select")<>0 then hk=1
If Instr(strTemp,"insert")<>0 then hk=1
If Instr(strTemp,"delete")<>0 then hk=1
If Instr(strTemp,"update")<>0 then hk=1
If Instr(strTemp,"and")<>0 then hk=1
If Instr(strTemp,"or")<>0 then hk=1
If Instr(strTemp,";")<>0 then hk=1
if hk=1 then
Response.Write "<script language='javascript'>"
Response.Write "alert('提交字符中包含非法字符,您的上网资料已被我们记录!');"
Response.Write "location.href='javascript:history.back()';"
Response.Write "</script>"
response.end
hk=0
End If
%>
页:
[1]